Legal claims defining the scope of protection, as filed with the USPTO.
2. The method according to claim 1 wherein the at least one other session feature also comprises a time difference histogram describing a distribution of time difference between activities during the session.
3. The method according to claim 1 comprising responding to the user profiles and the abnormal sessions by enforcing a security rule.
4. The method according to claim 1 comprising responding to the user profiles and the abnormal sessions by visualizing information about the user profiles and the abnormal sessions.
5. The method according to claim 1 wherein session metadata of a session comprises an ordered sequence of identifiers of the activities of the session, the ordered sequence is ordered according to an occurrence of each activity within the session.
6. The method according to claim 5 wherein the forming of the chunks comprises generating a sorted list of session metadata, the sorted list is sorted according to the ordered sequences of identifiers of the sessions, and segmenting the sorted list to chunks.
7. The method according to claim 1 comprising generating a session metadata related to a session by ignoring at least one activity of the session.
8. The method according to claim 1 wherein the generating of the group-based clusters comprises at least one out of (i) merging one or more chunk-based clusters, and (ii) clustering out-of-cluster data points.
9. The method according to claim 1 wherein the applying of the iterative clustering process is executed without a preliminary step of removing suspected outliers.
10. The method according to claim 1 wherein the iterative clustering process accuracy is indifferent to an existence of outliers.
11. The method according to claim 1 wherein the iterative clustering process is executed until convergence and without predefining a final number of clusters per chunk.
12. The method according to claim 1 wherein the generating of the group-based clusters is executed without predefining a final number of group-based clusters.
13. The method according to claim 1 wherein the applying an iterative clustering process comprises finding out-of-cluster data points and wherein the generating of the group-based clusters comprises attempting to cluster the out-of-cluster data points.
14. The method according to claim 1 wherein the step of generating the group-based clusters comprises performing multiple iterations of (a) calculating clusters and out-of-cluster points, and (b) attempting to cluster the out-of-cluster data points.
15. The method according to claim 1 wherein the applying an iterative clustering process comprises performing multiple clustering iterations, each clustering iteration comprises applying an enhanced K-means clustering algorithm.
16. The method according to claim 14 wherein a first clustering iteration comprises (i) selecting a first centroid based on normalized distances between a data points of a chunk, and (ii) applying the k-means clustering on the data points of the chunk, given the first centroid.
17. The method according to claim 15 wherein each clustering iteration of the multiple clustering iteration comprises (i) selecting a new centroid, based on (a) a normalized distance of data points from other data points, and (b) distances of the data points from current centroids, and (ii) applying the k-means clustering on the data points of the chunk, given the new centroid and the current centroids.
18. The method according to claim 1 wherein the applying of the iterative clustering process and the generating of the group-based clusters comprises enforcing a minimal size of cluster.
19. The method according to claim 1 comprising evaluating a risk associated with an abnormal session.
20. The method according to claim 19 wherein the evaluating of the risk is based, at least in part, on a deviation of the abnormal session from a user profile.
21. The method according to claim 19 wherein the evaluating of the risk is based, at least in part, on a sensitivity related to one or more activities of the abnormal session.
22. The method according to claim 1 wherein the sessions are software as service (SaaS) application sessions.
23. The method according to claim 1 wherein the group of sessions are related to a single user.
24. The method according to claim 1 wherein the group of sessions are related to multiple user.
Unknown
December 20, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.